Almost any organization, such as a small business, having multiple associated parties performing tasks and operating within the organization, such as employees, needs to control and monitor the types of activities in which the associated parties engage. Typically, control of the activities of associated parties within an organization is achieved by assigning various permissions to the associated parties within the organization.
Some examples of permissions that can be granted a given associated party in an organization include, but are not limited to: access to data and control of the types of data to which the party is provided access; the capability to perform various actions or tasks within the organization; access to the data management and other applications used by the organization; the level of review required for various tasks and actions taken by the associated party; the capability and limits on the associated party to act as an agent for the organization; the capability and limits on the associated party to incur debt, or other liability, for the organization; the capability and limits on the associated party to pay bills for the organization; the capability and limits on the associated party to deal with, i.e., handle, cash; the capability and limits on the associated party to generate and sign agreements or otherwise represent the organization; spending, transaction, or requisition limits imposed on the associated party for transactions involving the organization; types of work the associated party can perform for the organization; types of clients the associated party can service, access, or interact with on behalf of the organization; specific clients or vendors of the organization to which the associated party is provided access; the level of independence of operation afforded to the associated party within the organization; and/or any other of the numerous forms of permissions and responsibilities assigned to a given associated party within an organization so that the activities of the associated party can be controlled.
Currently, the permissions granted to parties associated with an organization are typically determined based, consciously or unconsciously, and systematically or in an ad hoc manner, on several trust or competency factors and/or attributes associated with the parties. These trust or competency factors/party attributes typically include, but are not limited to, one or more of: the job description assigned to the associated party by, or within, the organization; how long the associated party has been with the organization; the performance level of the associated party within the organization; the associated party's employment history and historical special permission grants; and various other trust or competency factors/party attributes whether specifically identified and utilized or not.
One long-standing technical problem associated with many prior art permissions granting methods is that, despite the fact that in the prior art permissions are often based on identifiable trust or competency factors/associated party attributes, many organizations, such as small businesses, lack any systematic, or in some cases even objectively logical, policy for identifying, weighting, and/or applying trust or competency factors/associated party attributes. Consequently, it can be difficult, if not nearly impossible, to ensure permissions granted within the organization are granted safely, consistently, logically, and in accordance with the risk tolerance of the organization.
This current lack of consistency in the granting of permissions within organizations arises largely because currently there is no efficient mechanism for monitoring permissions granted to parties within an organization and logically comparing responsibilities of parties within the organization with the permissions granted those parties and with the risk tolerance of the organization. In addition, currently, there is no efficient and effective mechanism for determining permissions granted to various similar parties in similarly situated organizations. Consequently, there is currently no mechanism for comparing responsibilities and permissions of parties associated with the organization with the responsibilities and permissions granted similar parties in similar organizations.
In short, currently, it is often the case that for a given organization, there is no efficient and effective way to consistently determine and apply permissions based on either the permissions currently and historically granted to associated parties within the organization or with the permissions currently and historically granted to similar parties in similarly situated organizations. The result is inefficient, and often inconsistent, permission granting schemes that are, at best, arbitrary and are often illogical, unmanageable, and completely unrelated to, or out of sync with, the risk tolerance of the organization. This, in turn, can create significant liabilities and operational hurdles for the organization.
In addition, currently, even in cases where permissions are granted in a relatively consistent way based on identified trust and competency factors/associated party attributes, the permissions granted a given associated party are very likely to be changed as the associated party grows and advances within the organization, or is otherwise tasked with different responsibilities within the organization. In addition, some associated parties will emerge as special cases needing associated special permissions to perform their tasks. However, currently, even relatively consistently applied permissions programs are often static and, at best, require manual monitoring and updates to the permissions and/or special permission grants on a transaction/action-by-transaction/action basis. As a result, currently, significant time and resources of an organization are often utilized just to keep the permissions associated with a given associated party within an organization up-to-date.
The situation described above is problematic enough for a relatively static organization. However, in situations where the organization is growing, and/or has high associated party turnover, it becomes unwieldy, and incredibly inefficient and resource draining, to ensure each of the parties in the organization has the permissions they need to perform their tasks and effectively operate within the organization, while at the same time protecting the organization from mistakes, malfeasance, and/or other liabilities. Consequently, there is a long-standing technical need for a method and system to efficiently and effectively provide permissions to parties in an organization in a logical and consistent way and then logically and systematically evolve the permissions granted to an associated party in response to the associated party's activity within the organization.